How often do you think about multi-factor authentication? It is probably part of your daily routine these days no matter your industry. Your bank website requires it, any website asks you to turn it on, it is probably on for your corporate email. Even today we find many organizations that refuse to implement what is now a basic technology. The Cybersecurity and Infrastructure Security Agency has issued a warning that Russian hackers may be exploiting two-factor authentication.
Does this mean you should turn two factors off or hold off on implementing? The simple answer is no. As with any technology, it is written by humans and has mistakes. This will be patched quickly by most organizations and by far the risk reduction of having two factors turned on outweighs the risk of this exploit. How well have you mitigated your risks? Do you know where your risks are?